Page 61 / 109 Scroll up to view Page 56 - 60
51
I.
Configuration page
Figure 4-24
IP filter configuration
II.
Parameter explanation
z
Security Level:
This setting determines which IP Filter
rules take effect, based on the security level specified in
each rule. For example, when
High
is selected, only those
rules that are assigned a security value of
High
will be in
effect. The same is true for the
Medium
and
Low
settings.
When
None
is selected, IP Filtering is disabled.
z
Private/Public Default Action:
This setting specifies a
default action to be taken (Accept or Deny) on private or
public-type device interfaces when they receive packets
that
do not
match any of the filtering rules. You can specify
a different default action for each interface type. (You
specify an interface's type when you create the interface;
see 4.3.3
PPP Configuration, for example.)
A
public
interface typically connects to the Internet. PPP and
IPoA interfaces are typically public. Packets received on a public
interface are subject to the most restrictive set of firewall protections
defined in the software. Typically, the global setting for public
Page 62 / 109
52
interfaces is
Accept
, so that all accesses to your LAN initiated from
external computers are denied (discarded at the public interface),
except for those allowed by a specific IP Filter rule.
A private interface connects to your LAN, such as the Ethernet
interface. Packets received on a private interface are subject to a
less restrictive set of protections, because they originate within the
network. Typically, the global setting for private interfaces is
Accept
,
so that LAN computers have access to the Internet connection.
Ensure that the Security Level and Private/Public Default Action
settings on the IP Filter Configuration page are configured as needed,
and then click the
Submit
button. A page displays to confirm your
changes.
4.13.2
Adding an IP Filter Rule
To create the IP filter rule, and set the rule as it must be suit for
various standard while transfer the rule. To add new IP filter rule
using these commands:
On the main IP Filter page, click the
Add
button to display the IP
Filter Rule - Add page. Enter or select data for each field that applies
to your rule. The following figure describes the fields.
Page 63 / 109
53
I.
Configuration page
Figure 4-25
Add IP filter rule
Page 64 / 109
54
II.
Parameter explanation
z
Rule ID
: Each rule must be assigned a sequential ID
number. Rules are processed from lowest to highest on
each data packet, until a match is found. It is
recommended that you assign rule IDs in multiples of 5 or
10 (e.g., 10, 20, 30) so that you leave enough room
between them for inserting a new rule if necessary.
z
Action
: Specifying what the rule will do to a packet when
the packet matches the rule criteria. The action can be
Accept
(forward to destination) or
Deny
(discard the
packet).
z
Direction
: Specifying whether the rule should apply to data
packets that are incoming or outgoing on the selected
interface.
Incoming
refers to packets coming in to the LAN
on the interface, and
Outgoing
refers to packets going out
from the LAN. You can use rules that specify the incoming
direction to restrict external computers from accessing
your LAN.
z
Interface
: The interface on the device on which the rule will
take effect.
z
In Interface
: The interface from which packets must have
been forwarded to the interface specified in the previous
selection. This option is valid only on rules defined for the
outgoing direction.
z
Log Option
: When
Enabled
is selected, a log entry will be
created on the system each time this rule is invoked. The
log entry will include the time of the violation, the source
address of the computer responsible for the violation, the
destination IP address, the protocol being used, the source
and destination ports, and the number of violations
Page 65 / 109
55
occurring in the previous
x
minutes. (Logging may be
helpful when troubleshooting.) This information can also be
e-mailed to administrators.
z
Security Level:
The security level that must be enabled
globally for this rule to take affect. A rule will be active only
if its security level is the same as the globally configured
setting (shown on the main IP Filter page). For example, if
the rule is set to
Medium
and the global firewall level is set
to
Medium
, then the rule will be active; but if the global
firewall level is set to
High
or
Low
, then the rule will be
inactive.
z
Black List Status
: Specifies whether or not a violation of
this rule will result in the offending computer's IP address
being added to the Black List, which blocks the MT800
from forwarding packets from that source for a specified
period of time.
z
Log Tag:
A description of up to 16 characters to be
recorded in the log in the event that a packet violates this
rule. Be sure to set the Log Option to
Enable
if you
configure a Log Tag.
z
Start/End Time:
The time range during which this rule is to
be in effect, specified in military units.
z
Src IP Address
: IP address criteria for the source
computer(s) from which the packet originates. In the
drop-down list, you can configure the rule to be invoked on
packets containing:
z
any
: any source IP address.
z
lt
: any source IP address that is numerically less than
the specified address.
z
lteq
: any source IP address that is numerically less
than or equal to the specified address.

Rate

3.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top